feat(import-export): complete company portability — secrets export/import and env round-tripping

Adds opt-in secret export/import: secret values are resolved (and optionally
decrypted) into the portability manifest, and re-created with conflict
handling on import. Fixes env round-tripping so both secret_ref and plain
bindings survive export/import cycles.
This commit is contained in:
2026-05-01 08:18:50 -04:00
parent 3494e84a29
commit e8579d5c66
8 changed files with 579 additions and 21 deletions
@@ -21,6 +21,9 @@ export const portabilityEnvInputSchema = z.object({
requirement: z.enum(["required", "optional"]),
defaultValue: z.string().nullable(),
portability: z.enum(["portable", "system_dependent"]),
secretName: z.string().min(1).nullable().optional(),
secretProvider: z.string().min(1).nullable().optional(),
type: z.enum(["secret_ref", "plain"]).optional(),
});
export const portabilityFileEntrySchema = z.union([
@@ -175,6 +178,13 @@ export const portabilityManifestSchema = z.object({
projects: z.array(portabilityProjectManifestEntrySchema).default([]),
issues: z.array(portabilityIssueManifestEntrySchema).default([]),
envInputs: z.array(portabilityEnvInputSchema).default([]),
secrets: z.array(z.object({
name: z.string().min(1),
provider: z.string().min(1),
description: z.string().nullable(),
latestVersion: z.number().int().nonnegative(),
currentValue: z.string(),
})).optional(),
});
export const portabilitySourceSchema = z.discriminatedUnion("type", [
@@ -217,6 +227,7 @@ export const companyPortabilityExportSchema = z.object({
selectedFiles: z.array(z.string().min(1)).optional(),
expandReferencedSkills: z.boolean().optional(),
sidebarOrder: portabilitySidebarOrderSchema.partial().optional(),
includeSecrets: z.boolean().optional(),
});
export type CompanyPortabilityExport = z.infer<typeof companyPortabilityExportSchema>;